The SDO service allows users secure, password-free access to Microsoft 365 portals and services. Users are able to log into the console by authorizing the connection through an app on their phone. This article provides the steps needed to enable the SDO service for Microsoft 365 and federate the domain that SDO will use for access.
Before you begin: The Microsoft 365 integration with SDO should be performed using a Global Admin with the native *.onmicrosoft.com domain local to the tenant. If you do not have a .onmicrosoft.com Global Admin user and need assistance in creating one, please contact our Support Team.
If you plan on integrating SDO with Microsoft 365 services and an External or on-premises Active Directory, we highly recommend configuring AD Connect between the two platforms before adding the SDO integration for those services.
More information on Azure AD Connect can be found in the following Microsoft article:
Set up directory synchronization for Microsoft 365
Primary Domain Considerations
Accessing the Microsoft 365 environment through SDO requires the federation of a domain with SDO. Once a domain is federated, users logging into any Office 365 account with that domain will automatically be redirected to the SDO platform to authorize their login via the Authenticator App. In most cases, a company will opt to federate their primary domain so that users can log in with the same address where they receive email. When the primary domain is federated with SDO, all users who log into Microsoft 365 using their primary email address will automatically be directed to the SDO login, which will prompt the Authenticator App to authorize the login.
The authentication domain must be unfederated before proceeding with the configuration steps below.
If your preference or company needs necessitate keeping the primary domain unfederated or federated with a different source, it is possible to use an Intermediary Domain for SDO Authentication. Please contact our Support Team for assistance on setting up SDO with an Intermediary domain.
Enabling SDO for Office 365
- In the Control Panel, click on My Services from the left-hand menu.
- Click on the Secret Double Octopus vendor band to expand it.
- Under the expanded vendor band, click on the Services tab.
- Click on the Microsoft Office 365 service.
- Select your primary domain from the Domain drop-down field.
- Click the Activate Microsoft Office365 button.
- Under the Configuration tab, enter your domain.
- Click on the Save button.
- Click on the Microsoft Office 365 service again to re-open the service window.
- Click on the Service Metadata tab.
- The Service Metadata page will show the Login URL, Logout URL, Issuer URL, and x.509 Certificate for your SDO authentication connection. We recommend keeping this tab open for the next steps, as you will be copying these values into the Microsoft 365 Setup Wizard in the next section.
Setting up the Microsoft 365 tenant for SDO Authentication
To begin the process of federating your Microsoft 365 domain to SDO for Authentication, click on the following link to open the Microsoft 365 Setup Wizard.
- In the first page of the Wizard, enter your primary Domain, Global Admin username, and Global Admin user password. If you are currently using an External Active Directory for user authentication (either via Federation or AD Sync), check the "External Active Directory" box.
- Click the Identify Issues button. This will check for any issues that may prevent the federation of your domain with SDO, such as a login issue with the provided credentials, or pre-existing federation.
- If no issues are found, you will see results similar to the following displayed:
- Click the Next button to continue.
- Click the Submit button to search for any users missing a valid token, and to correct them if found.
- Click the Next button.
- Enter the Company ID for your account in the CloudPlusService Control Panel. You can find this ID by clicking on "My Company" when logged into the account in the Control Panel. Click the Submit button to search for any users missing a valid Immutable ID, and to correct them if found.
- Click the Next button to continue.
- On the Federate page, enter the Login URL, Logout URL, Issuer URL, and Certificate that were shown in the Service Metadata page for the SDO service in the Control Panel. These values can be copied directly from the fields shown in step 11 of the previous section and pasted into this page. Enter the company name in the Federation Brand Name field.
- Click the Finish button to complete the federation of the domain to SDO.
- You will receive the following confirmation once the federation process is complete:
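To confirm the result independently of the wizard, the following added example (not part of the original article or the vendor's tooling) reads the domain's federation settings with the Microsoft Graph PowerShell SDK and compares them with the values from the Service Metadata tab. The domain, URLs and certificate path are placeholders, and the mapping of the wizard's Login, Logout and Issuer fields to the Graph properties shown is an assumption.

```powershell
# Added example. Requires the Microsoft.Graph.Identity.DirectoryManagement module.
# Placeholder values below: replace them with your own before running.
$Domain   = 'example.com'            # placeholder: the domain federated with SDO
$CertPath = '.\sdo-signing.cer'      # assumption: x.509 certificate saved from Service Metadata
$Expected = [ordered]@{              # assumed mapping of wizard fields to Graph properties
    IssuerUri        = 'https://issuer.example.invalid/'   # Issuer URL
    PassiveSignInUri = 'https://login.example.invalid/'    # Login URL
    SignOutUri       = 'https://logout.example.invalid/'   # Logout URL
}

Connect-MgGraph -Scopes 'Domain.Read.All'   # read-only scope is enough for this check

# 'Managed' is expected before running the wizard, 'Federated' after it completes.
$authType = (Get-MgDomain -DomainId $Domain).AuthenticationType
"$Domain authentication type: $authType"
if ($authType -ne 'Federated') { return }

$X509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]
$expectedCert = $X509::new((Resolve-Path $CertPath).Path)

foreach ($fed in Get-MgDomainFederationConfiguration -DomainId $Domain) {
    "Federation brand name: $($fed.DisplayName)"

    # Each URL stored in the tenant must equal the value copied from Service Metadata.
    foreach ($name in $Expected.Keys) {
        $status = if ($fed.$name -ceq $Expected[$name]) { 'OK' } else { 'MISMATCH' }
        '{0,-9} {1} = {2}' -f $status, $name, $fed.$name
    }

    # The stored signing certificate is base64 DER; compare thumbprints and check expiry.
    $cert   = $X509::new([Convert]::FromBase64String($fed.SigningCertificate))
    $status = if ($cert.Thumbprint -eq $expectedCert.Thumbprint) { 'OK' } else { 'MISMATCH' }
    '{0,-9} SigningCertificate thumbprint = {1}' -f $status, $cert.Thumbprint
    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    '{0,-9} certificate expires {1:yyyy-MM-dd} ({2} days)' -f $(if ($daysLeft -gt 30) { 'OK' } else { 'WARN' }), $cert.NotAfter, $daysLeft

    # A second signing certificate is also trusted for sign-in; review it if unexpected.
    if ($fed.NextSigningCertificate) { 'REVIEW    NextSigningCertificate is set' }
}
```

Any MISMATCH line means the tenant trusts a sign-in endpoint or signing certificate other than the one shown on the Service Metadata tab and should be investigated before users rely on the federation.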